CVE-2025-46198 · HIGH 8.8 · EPSS p44.1%

Description

Cross Site Scripting vulnerability in Grav v.1.7.48, v.1.7.47 and v.1.7.46 allows an attacker to execute arbitrary code via the onerror attribute of the img element.

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.60% probability of exploitation · percentile 44.1% · 2026-06-18T12:00:27Z
Published: 2025-07-25
Last modified: 2025-08-20

Underlying weaknesses · 1

CWE-79

References

  1. https://rapid-echo-f9c.notion.site/Grav-XSS-1dbaf8998a078072bb30ffc9b9e7ab4a?pvs=4
  2. https://tyojong.tistory.com/1

Type: Weakness
Target: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (cwe-79)
Confidence: 0%
Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-46199
  2. CVE-2025-66844
  3. CVE-2025-66294
  4. CVE-2025-50286
  5. CVE-2026-42611
  6. CVE-2026-9646

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.